OpenAM -12版,Agent 3.5和3.3版,tomcat 7版
我试图按照链接https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/sso-openam-06052012设置我的J2EE代理。问问题后让我粘贴步骤(请参阅最后)
但我得到以下错误
我曾尝试多次使用已安装和卸载的3.5版本,并尝试使用先前版本。
在http://database.developer-works.com/article/16009911/%22Cannot+obtain+Application+SSO+token%22+error上对此主题进行了很好的讨论,但对我没有太大帮助。
我正在使用LDAP,所以我已经使用LDAP领域,主题显示正常。我还观察到,“策略”选项卡与“博客”中的描述相比已发生了很大变化。
现在有了障碍,我不确定该如何进行,因为错误并没有给我任何提示。我甚至在类路径中使用代理的用户名和密码添加了名为AMConfig.properties的文件,并按照上述讨论中的建议尝试了OpenAM管理员的用户名和密码。但这也无济于事。
问题是Tomcat现在尚未启动,并显示错误消息,需要AMConfig.properties属性
我知道OpenAM Realm设置很好,因为我能够通过该领域登录到另一个应用程序(Liferay),我只需要提供URL即可使用OpenAM集成。但是,在卸载代理后,tomcat会启动而没有任何错误,并且我能够登录到该应用程序
-------------------Step copied from 1st link(modified)--------------------------
1. Configure your OpenAM agent (tried both 3.5 and 3.3 version on tomcat 7)
a. Log into OpenAM as the admin user and navigate to "Access Control -> (Your Realm) - where in my case LDAP Realm (other application using it without issue)
b. Select Policies -> New Policy
c. Enter Share as the policy name and then create 2 new URL Policy agent rules
d. 1st Resource Name = http://:/share/*
e. 2nd Resource Name = http://alfresco.domain.com:8080/share/*?*
f. Add a subjects - already part of LDAP Realm
g. Now select Agents -> J2EE - > (your J2EE agent)
h. Select the Application tab
i. Login Processing -> Login Form URI - add /share/page/dologin
j. Logout Processing -> Application Logout URL - add Map Key = share - Corresponding Map Value = /share/page/dologout
k. Not Enforced URI Processing - Add 2 entries - /share and /share/
l. Profile Attributes Processing - Select HTTP_HEADER and add Map Key = uid - Corresponding Map Value = SsoUserHeader (This is what I called my header in the alfresco-global.properties file - see below)
Auth chain
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
alfresco.authentication.allowGuestLogin=true
SSO settings
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader
NOTE- It does not seem possible to configure SSO where the Guest login has been disabled. There are webscripts used on the Alfresco repository that need guest login.
That concludes the setup for Alfresco and OpenAM
For Share you need to have the following section uncommented in your share-config-custom.xml
alfresco/web-extension/alfresco-system.p12
pkcs12
alfresco-system
alfrescoCookie
Alfresco Connector
Connects to an Alfresco instance using cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
alfrescoHeader
Alfresco Connector
Connects to an Alfresco instance using header and cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
SsoUserHeader
alfresco
Alfresco - user access
Access to Alfresco Repository WebScripts that require user authentication
alfrescoHeader
http://alfreso.domain.com:8080/alfresco/wcs
user
true
Notice I am not using the SSL cert and in my alfrescoHeader connector I have used SsoUserHeader (as setup in OpenAM) and the endpoint uses the alfrescoHeader connector
Now you need to add the OpenAM filter to the Share web.xml file
Add the following filter just before the Share SSO authentication support filter
Agent
com.sun.identity.agents.filter.AmAgentFilter
Add the following filter mapping to the filter-mapping section
Agent
REQUEST
INCLUDE
FORWARD
ERROR
----- End ----------
该错误消息有点令人误解:无法获得应用程序SSO令牌通常意味着该代理无法对其自身进行身份验证。安装代理时,代理会要求提供配置文件名称和密码文件,这些值需要与OpenAM中配置的代理配置文件相对应。要测试您是否可以以用户身份进行身份验证,可以通过发出以下请求来尝试尝试以代理身份进行身份验证:
curl -d "username=profilename&password=password&uri=realm=/%26module=Application" http://aldaris.sch.bme.hu:8080/openam/identity/authenticate
在上述命令中,领域值必须与OpenSSOAgentBootstrap.properties中(在代理的安装目录下)定义的“ com.sun.identity.agents.config.organization.name”属性的值相同。
用户名/密码组合错误只是此异常的可能根本原因之一。在启动期间,代理也可能无法连接到OpenAM进行身份验证。在这些情况下,问题可能是:
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句